China: National Cybersecurity Standardisation Technical Committee opened consultation on personal information protection requirements for scan-to-order services

On 22 July 2025, the Secretariat of China’s National Cybersecurity Standardisation Technical Committee (TC260) opened a public consultation on the draft cybersecurity standard practice guide on personal information protection requirements for scan-to-order services', until 4 August 2025. The consultation seeks input on standardising personal information protection within the scope of scan-to-order services used by various businesses. The guide applies to third-party providers offering such scan-to-order digital services. The guide seeks to prevent excessive or unlawful data collection from dine-in users. It mandates transparency, user consent, data minimisation, and secure processing, while prohibiting practices like forced subscriptions or unauthorised data sharing.